Virtualization and Cloud Summit 2013

Hi, this is Dave Shackleford, longtime SANS instructor as well as cloud & virtualization security curriculum lead for SANS. Having been intimately involved in the virtualization and cloud security arenas for years now, I've seen firsthand the challenges organizations face in trying to adopt virtualization technologies and private clouds in-house, and then move data, applications, and systems into hybrid and public cloud implementations. The security concerns are real, potentially difficult to overcome, and put security and operations teams in a position where they likely need to rely on others to create and maintain security controls.

There are a lot of exciting things happening in the virtualization and cloud security space! New tools are being released, new controls are being developed, compliance and legal considerations are changing, security architecture and design decisions are growing more complex, and much more. As the chair for this summit, I know we'll be touching on lots of timely and relevant topics related to virtualization and cloud security, and hearing from organizations that have tackled these challenges firsthand.

I look forward to seeing you there! Dave

More organizations than ever are deploying virtualization technologies and some are taking this to the next level by building private cloud infrastructure. Many are also leveraging hybrid and public cloud models to save money and gain efficiency in platform and application hosting, or by using Software-as-a-Service tools. But leveraging virtualization and cloud capabilities has a number of security and compliance ramifications. Many security teams are finding that cloud service providers do not have comparable security controls in place or that the providers aren't able or willing to share audit data with them. Contract requirements may not be taking security and compliance into account either, and there are a lot of risk management questions going unanswered.

At the SANS Cloud/Virtualization Security Summit, you can get some of those questions answered, in many cases directly from customers who have worked to solve the problems already. We'll be tackling questions like these:

How can we properly segment assets and data in a multitenant environment? What types of audit requirements should we be requesting from cloud providers, and in what format? Do the new SSAE 16 SOC 2 and SOC 3 reports provide adequate coverage of cloud provider controls? How can we leverage well-known guidelines like those from the Cloud Security Alliance for my organization's cloud initiatives? How can we protect our virtual machines and data with encryption when moving to the cloud? What Identity and Access Management (IAM) standards should we be paying attention to with private and public cloud models? What contractual requirements are critical to understand and include when drafting cloud contracts? What types of security solutions are available and actually work within virtualized environments? What types of monitoring and configuration controls can we implement and maintain in cloud environments? What types of policy changes are needed for virtualization and cloud deployments?

Who Should Attend?

Security managers who need to understand and advise on the risks of virtualization and cloud computing models and scenarios Security analysts and engineers who need to understand security controls for and in the cloud Auditors and compliance analysts who need to understand how to audit and assess virtualization and cloud environments Operations staff who need to gain insight into security capabilities of cloud providers and how other organizations are tackling virtualization and cloud

If you are interested in speaking at the 2013 Cloud/Virtualization Summit, please contact Jennifer Santiago, Summit Content Manager.

- Receive a discount of up to $500 for any full course paid for by Wednesday, November 28, 2012. - Receive a discount of up to $250 for any full course paid for by Wednesday, December 12, 2012. - No refunds available after Wednesday, December 19, 2012.